CWE-295 vulnerabilities
672 results

CVE | Severity | Description | EPSS
CVE-2024-49369 | CRITICAL | Icinga 2 has a TLS Certificate Validation Bypass for JSON-RPC and HTTP API Connections | EPSS 2.9%
CVE-2022-26766 | MEDIUM | A certificate parsing issue was addressed with improved checks. This issue is fixed in tvOS 15.5, iOS 15.5 and iPadOS 15.5, Security Update | EPSS 2.7%
CVE-2018-0277 | — | A vulnerability in the Extensible Authentication Protocol-Transport Layer Security (EAP-TLS) certificate validation during EAP authenticatio | EPSS 2.5%
CVE-2019-3814 | HIGH | It was discovered that Dovecot before versions 2.2.36.1 and 2.3.4.1 incorrectly handled client certificates. A remote attacker in possession | EPSS 2.5%
CVE-2018-1000500 | MEDIUM | Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet that can result in arbitrary code execution | EPSS 2.5%
CVE-2023-26463 | CRITICAL | strongSwan 5.9.8 and 5.9.9 potentially allows remote code execution because it uses a variable named "public" for two different purposes wit | EPSS 2.3%
CVE-2018-0227 | — | A vulnerability in the Secure Sockets Layer (SSL) Virtual Private Network (VPN) Client Certificate Authentication feature for Cisco Adaptive | EPSS 2.1%
CVE-2021-3618 | — | ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatib | EPSS 2.0%
CVE-2021-20989 | MEDIUM | Fibaro Home Center Insufficient remote access server authorization | EPSS 2.0%
CVE-2019-12098 | HIGH | In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. | EPSS 2.0%
CVE-2021-44549 | — | SMTPS server hostname not checked when making TLS connection to SMTPS server | EPSS 1.9%
CVE-2019-3777 | HIGH | Apps Manager unverified SSL certs in Cloud Controller proxy | EPSS 1.9%
CVE-2017-7468 | MEDIUM | In curl and libcurl 7.52.0 to and including 7.53.1, libcurl would attempt to resume a TLS session even if the client certificate had changed | EPSS 1.9%
CVE-2023-28321 | MEDIUM | An improper certificate validation vulnerability exists in curl <v8.1.0 in the way it supports matching of wildcard patterns when listed as | EPSS 1.8%
CVE-2023-31486 | HIGH | HTTP::Tiny before 0.083, a Perl core module since 5.13.9 and available standalone on CPAN, has an insecure default TLS configuration where u | EPSS 1.7%
CVE-2022-23632 | HIGH | Traefik skips the router TLS configuration when the host header is an FQDN | EPSS 1.7%
CVE-2023-0465 | MEDIUM | Invalid certificate policies in leaf certificates are silently ignored | EPSS 1.6%
CVE-2016-7075 | HIGH | It was found that Kubernetes as used by Openshift Enterprise 3 did not correctly validate X.509 client intermediate certificate host name fi | EPSS 1.6%
CVE-2023-31484 | HIGH | CPAN.pm before 2.35 does not verify TLS certificates when downloading distributions over HTTPS. | EPSS 1.6%
CVE-2024-5921 | MEDIUM | GlobalProtect App: Insufficient Certificate Validation Leads to Privilege Escalation | EPSS 1.5%